
trojan dumaru en bargain buddy

Anoniem
gerben
  • Beste Juisterr, bedankt voor de tip. Hier volgt het log van ComboFix:
    [code:1:de3b52cfec]Ederveen - 06-12-21 22:41:14,46 Service Pack 2
    ComboFix 06.11.27 - Running from: "D:\kees"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-21 to 2006-12-21 ))))))))))))))))))))))))))))))))))


    2006-12-21 21:33 <DIR> d——– C:\Program Files\Lavasoft
    2006-12-20 16:11 <DIR> d——– C:\Program Files\XoftSpySE
    2006-12-20 14:57 78,336 –a—— C:\WINDOWS\system32\drivers\ssi.sys
    2006-12-20 14:57 102,912 –a—— C:\WINDOWS\system32\islzma.dll
    2006-12-20 14:57 <DIR> d——– C:\Program Files\Webroot
    2006-12-20 14:57 <DIR> d——– C:\Documents and Settings\Ederveen\Application Data\Webroot
    2006-12-20 14:56 <DIR> d——– C:\Program Files\Spybot - Search & Destroy
    2006-12-20 14:56 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2006-12-20 14:55 <DIR> d——– C:\Program Files\SpywareBlaster
    2006-12-20 14:43 <DIR> d——– C:\WINDOWS\system32\GroupPolicy
    2006-12-20 14:43 <DIR> d——– C:\Program Files\Hitman Pro
    2006-12-19 17:40 <DIR> d——– C:\Program Files\SPYWAREfighter
    2006-12-19 17:40 <DIR> d——– C:\Program Files\Common Files\Application
    2006-12-19 17:07 51,072 –a—— C:\WINDOWS\system32\drivers\ikhlayer.sys
    2006-12-19 17:07 30,592 –a—— C:\WINDOWS\system32\drivers\ikhfile.sys
    2006-12-19 17:07 <DIR> d-a—— C:\Documents and Settings\All Users\Application Data\TEMP
    2006-12-19 17:07 <DIR> d——– C:\Program Files\Spyware Doctor
    2006-12-19 17:07 <DIR> d——– C:\Documents and Settings\Ederveen\Application Data\PC Tools
    2006-12-10 16:49 <DIR> d——– C:\Program Files\Mozart9
    2006-12-10 16:49 <DIR> d——– C:\Documents and Settings\Ederveen\Application Data\Mozart 9
    2006-11-27 15:52 <DIR> d——– C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-21 22:32 ——– d——– C:\Documents and Settings\Ederveen\Application Data\Azureus
    2006-12-21 21:34 ——– d——– C:\Documents and Settings\Ederveen\Application Data\Lavasoft
    2006-12-19 17:40 ——– d——– C:\Program Files\Common Files
    2006-12-18 02:14 ——– d——– C:\Program Files\Outlook Express
    2006-12-18 02:14 ——– d——– C:\Program Files\Internet Explorer
    2006-12-18 02:14 ——– d——– C:\Program Files\Common Files\System
    2006-12-11 20:37 9116 –a—— C:\Documents and Settings\Ederveen\Application Data\ViewerApp.dat
    2006-12-10 12:44 ——– d——– C:\Documents and Settings\Ederveen\Application Data\AdobeUM
    2006-12-07 07:40 2362184 –a—— C:\WINDOWS\system32\wmvcore.dll
    2006-11-28 20:34 ——– d——– C:\Program Files\WinTV
    2006-11-26 12:39 3194880 –a—— C:\Program Files\TooltaskforceWmoversie2_6c.mdb
    2006-11-16 22:08 ——– d–h—– C:\Program Files\InstallShield Installation Information
    2006-11-16 22:06 ——– d——– C:\Program Files\Creative
    2006-11-15 22:56 ——– d——– C:\Program Files\MSXML 4.0
    2006-11-13 11:18 ——– d——– C:\Program Files\Java
    2006-11-08 06:07 679424 –a—— C:\WINDOWS\system32\inetcomm.dll
    2006-11-04 14:14 1245696 –a—— C:\WINDOWS\system32\msxml4.dll
    2006-11-02 15:57 ——– d——– C:\Program Files\EasyStart
    2006-11-01 14:39 ——– d——– C:\Program Files\EasyGPS
    2006-10-28 20:17 ——– d——– C:\Program Files\Google
    2006-10-22 14:46 ——– d——– C:\Documents and Settings\Ederveen\Application Data\Google
    2006-10-20 02:39 714752 –a—— C:\WINDOWS\system32\sxs.dll
    2006-10-13 13:41 65536 –a—— C:\WINDOWS\system32\nwwks.dll
    2006-10-13 13:41 64000 –a—— C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 13:41 144384 –a—— C:\WINDOWS\system32\nwprovau.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "PowerBar"="\"C:\\Program Files\\CyberLink DVD Solution\\Multimedia Launcher\\PowerBar.exe\" /AtBootTime"
    "NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\nbj.exe\""
    "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
    "OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\Monitor.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
    "updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
    "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "Norton"="C:\\Program Files\\ASUS\\WLAN Card Utilities\\NorExec.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "Nokia Tray Application"="C:\\Program Files\\Common Files\\Nokia\\NCLTools\\NclTray.exe"
    "PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~2\\LAUNCH~1.EXE -onlytray"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "OM_Monitor"="C:\\Program Files\\OLYMPUS\\OLYMPUS Master\\FirstStart.exe"
    "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
    "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
    "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
    "spywarefighterguard"="C:\\Program Files\\SPYWAREfighter\\spftray.exe"
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Mijn huidige introductiepagina"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Preloader van browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Cache-daemon voor onderdeelcategorieën"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Symantec NetDetect.job
    C:\WINDOWS\tasks\vtigerCRM Email Reminder.job
    C:\WINDOWS\tasks\vtigerCRM Notification Scheduler.job
    C:\WINDOWS\tasks\XoftSpySE.job

    Completion time: 06-12-21 22:45:14.60
    C:\ComboFix.txt … 06-12-21 22:45
    [/code:1:de3b52cfec]

